Package: libapache2-mod-php5filter Version: 5.6.13+dfsg-0+deb8u1 Severity: important
Dear Maintainer, When using Fusion Inventory plugin over GLPI 0.84 (from debian repo), we have hit a bug. It happens when the agent tries to send a huge (30k) XML chunk, xlib compressed over HTTP POST. The PHP code in Fusion Inventory uses $HTTP_RAW_POST_DATA. We have found that the binary blob in the POST is around 13kB but the PHP var contains way less data, like 120 bytes or 1.5 kB in other situations. Tried php://input : same size as in $HTTP_RAW_POST_DATA. In apache2 log, shitty things happens :172.16.2.120 - - [23/Sep/2015:10:50:40 +0200] "POST /glpi/plugins/fusioninventory/ HTTP/1.1" 200 0 "-" "FusionInventory-Agent_v2.3.16" 172.16.2.120 - - [23/Sep/2015:10:50:40 +0200] "\x9cv\xdej\xc0\xe3e\xc2H\xc5\x99\x0e" 400 0 "-" "-"
With Wireshark, we have found that on the HTTP connection, there is 2 replies on the Fusion Inventory single request (an HTTP/200 from PHP, a HTTP 400 from apache). Everything starts to work normally when replacing libapache2-mod-php5filter with libapache2-mod-php5. The expected behavior is to have $HTTP_RAW_POST_DATA or php://input reflecting the whole binary data sent over the wire. You could check in atttachement the tcp tchat between fusion Inventory agent and theh GLPI server. Taken from Wireshark / follow TCP stream / Save as... The agent talks first with HTTP POSTING a "big" blob, then server replies HTTP/1.1 200 OK with another zlib compressed blob and a second reply (without any request from the agent) is sent by apache (HTTP 400). -- Package-specific info: ==== Additional PHP 5 information ==== ++++ PHP 5 SAPI (php5query -S): ++++ cli apache2filter ++++ PHP 5 Extensions (php5query -M -v): ++++ opcache (Enabled for cli by maintainer script) opcache (Enabled for apache2filter by maintainer script) json (Enabled for cli by maintainer script) json (Enabled for apache2filter by maintainer script) readline (Enabled for cli by maintainer script) readline (Enabled for apache2filter by maintainer script) pdo (Enabled for cli by maintainer script) pdo (Enabled for apache2filter by maintainer script) ++++ Configuration files: ++++ [PHP] engine = On short_open_tag = Off asp_tags = Off precision = 14 output_buffering = 4096 zlib.output_compression = Off implicit_flush = Off unserialize_callback_func = serialize_precision = 17disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
disable_classes = zend.enable_gc = On expose_php = Off max_execution_time = 30 max_input_time = 60 memory_limit = 128M error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT display_errors = Off display_startup_errors = Off log_errors = On log_errors_max_len = 1024 ignore_repeated_errors = Off ignore_repeated_source = Off report_memleaks = On track_errors = Off html_errors = On variables_order = "GPCS" request_order = "GP" register_argc_argv = Off auto_globals_jit = On post_max_size = 8M auto_prepend_file = auto_append_file = default_mimetype = "text/html" default_charset = "UTF-8" doc_root = user_dir = enable_dl = Off file_uploads = On upload_max_filesize = 2M max_file_uploads = 20 allow_url_fopen = On allow_url_include = Off default_socket_timeout = 60 [CLI Server] cli_server.color = On [Date] [filter] [iconv] [intl] [sqlite] [sqlite3] [Pcre] [Pdo] [Pdo_mysql] pdo_mysql.cache_size = 2000 pdo_mysql.default_socket= [Phar] [mail function] SMTP = localhost smtp_port = 25 mail.add_x_header = On [SQL] sql.safe_mode = Off [ODBC] odbc.allow_persistent = On odbc.check_persistent = On odbc.max_persistent = -1 odbc.max_links = -1 odbc.defaultlrl = 4096 odbc.defaultbinmode = 1 [Interbase] ibase.allow_persistent = 1 ibase.max_persistent = -1 ibase.max_links = -1 ibase.timestampformat = "%Y-%m-%d %H:%M:%S" ibase.dateformat = "%Y-%m-%d" ibase.timeformat = "%H:%M:%S" [MySQL] mysql.allow_local_infile = On mysql.allow_persistent = On mysql.cache_size = 2000 mysql.max_persistent = -1 mysql.max_links = -1 mysql.default_port = mysql.default_socket = mysql.default_host = mysql.default_user = mysql.default_password = mysql.connect_timeout = 60 mysql.trace_mode = Off [MySQLi] mysqli.max_persistent = -1 mysqli.allow_persistent = On mysqli.max_links = -1 mysqli.cache_size = 2000 mysqli.default_port = 3306 mysqli.default_socket = mysqli.default_host = mysqli.default_user = mysqli.default_pw = mysqli.reconnect = Off [mysqlnd] mysqlnd.collect_statistics = On mysqlnd.collect_memory_statistics = Off [OCI8] [PostgreSQL] pgsql.allow_persistent = On pgsql.auto_reset_persistent = Off pgsql.max_persistent = -1 pgsql.max_links = -1 pgsql.ignore_notice = 0 pgsql.log_notice = 0 [Sybase-CT] sybct.allow_persistent = On sybct.max_persistent = -1 sybct.max_links = -1 sybct.min_server_severity = 10 sybct.min_client_severity = 10 [bcmath] bcmath.scale = 0 [browscap] [Session] session.save_handler = files session.use_strict_mode = 0 session.use_cookies = 1 session.use_only_cookies = 1 session.name = PHPSESSID session.auto_start = 0 session.cookie_lifetime = 0 session.cookie_path = / session.cookie_domain = session.cookie_httponly = session.serialize_handler = php session.gc_probability = 0 session.gc_divisor = 1000 session.gc_maxlifetime = 1440 session.referer_check = session.cache_limiter = nocache session.cache_expire = 180 session.use_trans_sid = 0 session.hash_function = 0 session.hash_bits_per_character = 5 url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" [MSSQL] mssql.allow_persistent = On mssql.max_persistent = -1 mssql.max_links = -1 mssql.min_error_severity = 10 mssql.min_message_severity = 10 mssql.compatibility_mode = Off mssql.secure_connection = Off [Assertion] [COM] [mbstring] [gd] [exif] [Tidy] tidy.clean_output = Off [soap] soap.wsdl_cache_enabled=1 soap.wsdl_cache_dir="/tmp" soap.wsdl_cache_ttl=86400 soap.wsdl_cache_limit = 5 [sysvshm] [ldap] ldap.max_links = -1 [mcrypt] [dba] [opcache] [curl] [openssl] **** /etc/php5/apache2filter/conf.d/20-json.ini **** extension=json.so **** /etc/php5/apache2filter/conf.d/05-opcache.ini **** zend_extension=opcache.so **** /etc/php5/apache2filter/conf.d/20-readline.ini **** extension=readline.so **** /etc/php5/apache2filter/conf.d/10-pdo.ini **** extension=pdo.so -- System Information: Debian Release: 8.0 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libapache2-mod-php5filter depends on: ii apache2 2.4.10-10+deb8u3 ii apache2-bin [apache2-api-20120211] 2.4.10-10+deb8u3 ii libbz2-1.0 1.0.6-7+b3 ii libc6 2.19-18 ii libcomerr2 1.42.12-1.1 ii libdb5.3 5.3.28-9 ii libgssapi-krb5-2 1.12.1+dfsg-19 ii libk5crypto3 1.12.1+dfsg-19 ii libkrb5-3 1.12.1+dfsg-19 ii libmagic1 1:5.22+15-2 ii libonig2 5.9.5-3.2 ii libpcre3 2:8.35-3.3 ii libqdbm14 1.8.78-5+b1 ii libssl1.0.0 1.0.1k-3 ii libxml2 2.9.1+dfsg1-5 ii mime-support 3.58 ii php5-cli 5.6.13+dfsg-0+deb8u1 ii php5-common 5.6.13+dfsg-0+deb8u1 ii php5-json 1.3.6-1 ii tzdata 2015d-0+deb8u1 ii ucf 3.0030 ii zlib1g 1:1.2.8.dfsg-2+b1 libapache2-mod-php5filter recommends no packages. Versions of packages libapache2-mod-php5filter suggests: pn php-pear <none> Versions of packages php5-common depends on: ii libc6 2.19-18 ii lsof 4.86+dfsg-1 ii psmisc 22.21-2 ii sed 4.2.2-4+b1 ii ucf 3.0030 Versions of packages php5-common suggests: pn php5-user-cache <none> -- no debconf information
tcp-stream.dat
Description: Binary data